Data analytics and security in social networks

ABSTRACT

A method for securing a social network account assigned to a member is provided. The method may include determining at least one social network account assigned to the member, the member being in electronic communication with the at least one social network account via a communication network, using a software program on a computer having a processor for executing the software program. The method may also include determining a pattern of communications between the member and the at least one social network account and generating a profile for the at least one social network account assigned to the member based on the pattern of communications. The method may further include monitoring an electronic communication with the at least one social network account by the member based on comparing the generated profile with the electronic communication.

FIELD OF THE INVENTION

The present invention relates generally to the field of socialnetworking using a computer on a communication network, and moreparticularly to the security risks regarding the use of multipleinter-connected social networks.

BACKGROUND

Computerized social networks provide a means of interaction amongcomputer users through communities they build over time to shareinterests, activities and business connections.

Many people may have accounts in multiple social networks. Socialnetwork aggregation is the process of collecting content from multiplesocial network services, such as MySpace or Facebook. The process ofcollecting the content is often performed by a social networkaggregator. A social network aggregator gathers information and storesit in a single location. This may help a user consolidate multiplesocial networking profiles into one profile. Various aggregationservices provide tools or widgets to allow users to consolidatemessages, track friends, combine bookmarks, search across multiplesocial networking sites, read rich site summary (RSS) feeds for multiplesocial networks, see when their name is mentioned on various sites,access their profiles from a single interface, provide “lifestreams”,etc. Social network aggregation services attempt to organize or simplifya user's social networking experience by inter-connecting multiplesocial network accounts assigned to the same person.

However, there may be security risks involved in having automaticsynchronization of message posting across multiple social networks.There are plugins or aggregation programs that can bridge among multiplesocial networks so that when a user posts a message on one socialnetwork, the same message can be automatically posted in otherauthorized social networks. For example, if one account were to behacked, the hacker may be able to control the other social mediaaccounts assigned to the same user. As such, messages that are posted bythe hacker may automatically be populated across multiple socialnetworks owned by the same user and the user may not even be aware thatany of their social media accounts have been hacked. Therefore, it maybe advantageous, among other things, to provide enhanced security acrossshared accounts in social networks.

SUMMARY

According to at least one embodiment of the present invention, a methodfor securing a social network account assigned to a member is provided.The method may include determining at least one social network accountassigned to the member, the member being in electronic communicationwith the at least one social network account via a communicationnetwork, using a software program on a computer having a processor forexecuting the software program. The method may also include determininga pattern of communications between the member and the at least onesocial network account and generating a profile for the at least onesocial network account assigned to the member based on the pattern ofcommunications. The method may further include monitoring an electroniccommunication with the at least one social network account by the memberbased on comparing the generated profile with the electroniccommunication.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

These and other objects, features and advantages of the presentinvention will become apparent from the following detailed descriptionof illustrative embodiments thereof, which is to be read in connectionwith the accompanying drawings. The various features of the drawings arenot to scale as the illustrations are for clarity in facilitating oneskilled in the art in understanding the invention in conjunction withthe detailed description. In the drawings:

FIG. 1 illustrates a networked computer environment according to oneembodiment;

FIG. 2 illustrates a networked computer environment with an exemplarysocial hacking plugin according to one embodiment;

FIG. 3A-3C is an operational flowchart illustrating the steps carriedout by a social hacking program according to one embodiment; and

FIG. 4 is a block diagram of internal and external components ofcomputers and servers depicted in FIG. 1.

DETAILED DESCRIPTION

Detailed embodiments of the claimed structures and methods are disclosedherein; however, it can be understood that the disclosed embodiments aremerely illustrative of the claimed structures and methods that may beembodied in various forms. This invention may, however, be embodied inmany different forms and should not be construed as limited to theexemplary embodiments set forth herein. Rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete and will fully convey the scope of this invention to thoseskilled in the art. In the description, details of well-known featuresand techniques may be omitted to avoid unnecessarily obscuring thepresented embodiments.

The present invention relates generally to the sharing of multiplesocial network accounts assigned to a single user, and moreparticularly, to data analytics and security with respect to sharedsocial networks assigned to a single user. The following describedexemplary embodiments provide a system, method and program product toimprove security by using data analytics across multiple shared socialnetwork accounts assigned to the same user.

Currently, social network aggregation platforms allow members to sharetheir other social network activities across all their social networkaccounts, such as Twitter, YouTube, Facebook, Instagram and other majorplatforms. One can also integrate their blog posts and comments in theaggregation platform. Everything is shown in real time to other memberswho subscribe to a particular community. Social network aggregationeliminates the need to switch from one social media network to anotherin order to keep track of all the updates pertaining to one subscriberacross multiple social media. For example, a single user may sharemessages among several of their social network accounts for conveniencepurposes so they do not have to login into each account to change theirstatus or post a message.

However, as previously described, there may be security risks involvedin having automatic synchronization of message posting across multiplesocial networks. Having such a convenience feature established, mayresult in multiple connected accounts having the risk of being hacked ifone connected account is hacked. For example, if one account were to behacked, faked messages that are posted by the hacker may automaticallybe populated across multiple social networks owned by the same user. Forexample, hackers may be able to solicit information from other socialnetwork users simply by posing as the user of the hacked account.

In one embodiment, data analytics are used to increase security acrossall social network accounts shared by a single user. The methodgenerates a user profile based on a pattern of communications for eachof the user's shared social network accounts and monitors the dataintegrity of the electronic communications by comparing the user'smessages to the previously generated user profile for each of the sharedsocial network accounts.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, microcode, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present disclosure. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

Currently, social network aggregation platforms allow members to sharetheir social network activities via bridges among various social networkaccounts assigned to the user. The bridges allow auto-posting ofmessages across the user's shared social network accounts. For example,if a user posts a message on Twitter, a social network aggregationprogram may also automatically post the same message on Facebook via abridge from Twitter to Facebook without the need for the user to have tolog into their Facebook account.

The following described exemplary embodiments provide a system, methodand computer program product to use a combination of stylometry(behavioral biometric) and metadata (social network attributes) todevelop user persona in a social network. Stylometry is the applicationof the study of linguistic style. It usually applies to writtenlanguage, but it can be applied to fine-art paintings and music as well.Stylomety may be used to attribute authorship to anonymous or disputeddocuments. Certain characteristics associated with the linguistic styleare noted, such as a member's style of writing, a type of message beingshared, a context of a message and an application used to post amessage. For example, whether the text is written in all lower case orwith all capital letters. Metadata (metacontent) are the data providinginformation about one or more aspects of the data, such as who createdthe posting, when the posting was created, what the content of theposting is, where the posting was created, how the posting was created,access control of the posting, and the IP address of the member creatingthe posting. For example, a digital image may include metadata thatdescribe how large the picture is, the color depth, the imageresolution, when the image was created, and other data. Similarly, atext document's metadata may contain information about how long thedocument is, who the author is, when the document was written, and ashort summary of the document.

According to one embodiment, stylometry and metadata are extracted fromhistorical message postings to establish a profile for each one of theuser's shared social network accounts. The profile is based upon theuser's persona on each of the shared social network accounts. Once theuser's profile is established for each of their social network accounts,the shared social network accounts are monitored for abnormal behavior.Then, based on this established user profile, any abnormal behavior thatdoes not fit into this user's persona, would be able to be detected.Once any abnormal behavior is detected, the user may be prompted with asecurity question. If the user is not able to answer the securityquestion accurately (i.e. authenticate their identity), all bridges thatallow auto-posting of messages across the user's shared social networkaccounts are disabled. Therefore, the hacker is prevented from gainingaccess to any additional social network accounts assigned to the user.

Referring to FIG. 1, an exemplary networked computer environment 100 inaccordance with one embodiment is depicted. The networked computerenvironment 100 may include a computer 102 with a processor 104 and adata storage device 106 that is enabled to run a software program 108.The networked computer environment 100 may also include a social network112, a server 114 and a communication network 110. The networkedcomputer environment 100 may include a plurality of computers 102 andservers 114, only one of which is shown. The communication network mayinclude various types of communication networks, such as a wide areanetwork (WAN), local area network (LAN), a telecommunication network, awireless network, a public switched network and/or a satellite network.It should be appreciated that FIG. 1 provides only an illustration ofone implementation and does not imply any limitations with regard to theenvironments in which different embodiments may be implemented. Manymodifications to the depicted environments may be made based on designand implementation requirements.

The client computer 102 may communicate with social network 112 runningon server computer 114 via the communications network 110. Thecommunications network 110 may include connections, such as wire,wireless communication links, or fiber optic cables. As will bediscussed with reference to FIG. 4, server computer 114 may includeinternal components 800 a and external components 900 a, respectively,and client computer 102 may include internal components 800 b andexternal components 900 b, respectively. Client computer 102 may be, forexample, a mobile device, a telephone, a personal digital assistant, anetbook, a laptop computer, a tablet computer, a desktop computer, orany type of computing device capable of accessing a social network.

As previously described, the client computer 102 may access socialnetwork 112, running on server computer 114 via the communicationsnetwork 110. For example, a user using an application program 108 (e.g.,Firefox®) running on a client computer 102 may connect via acommunication network 110 to one of their social network accounts 112which may be running on server computer 114.

Referring now to FIG. 2, a networked computer environment with anexemplary social hacking plugin in accordance with one embodiment isdepicted. Client computer 102 may communicate via a communicationnetwork 110 with one or more social networks 112 which may be running ona server computer 114. Social network security protection in accordancewith at least one embodiment may be implemented as a social hackingplugin 202 to social network 112 which may be running on server computer114.

A plugin is a computer program that interacts with a main application (aweb browser or an email program, for example) to provide a certain,usually very specific, function. The main application provides serviceswhich the plugins can use, including a way for plugins to registerthemselves with the main application and a protocol by which data isexchanged with plugins. Plugins are dependent on these services providedby the main application and do not usually work by themselves.Conversely, the main application is independent of the plugins, makingit possible for plugins to be added and updated dynamically withoutchanges to the main application. For example, social hacking plugin 202may be a computer program that provides data analytics and security to asocial network 112, such as Twitter or Facebook (i.e. the mainapplication).

FIGS. 3A-3C is an operational flowchart illustrating the steps carriedout by social hacking plugin 202 (FIG. 2) in accordance with anembodiment of the present invention. For example, the embodiment may beimplemented as a social hacking plugin 202 that interacts with a socialnetwork 112 (i.e. the main application) which may be running on server114 and provides data analytics and security to aid in the protectionagainst multiple shared social network accounts being hacked when thesecurity on one shared account has been compromised. The plugin may, forexample, be displayed to the user using a graphical user interface (GUI)in order to obtain the necessary information needed to provide securityprotection. This information may include, but is not limited to, thenames of all the shared social network accounts assigned to the user andsecurity questions and answers that may be later used to authenticatethe user's identity. The security protection as performed by socialhacking plugin 202 interacting with social network 112 which may berunning on server computer 114 is explained in more detail below withrespect to FIGS. 3A-3C.

Referring to FIG. 3A, at 302 the total number of social networksassigned to the user is determined. For example, the user may beprompted with a graphical user interface which guides the user intodisclosing the type and total number of social network accounts that arelinked via a social network aggregator. As previously described, asocial network aggregator allows members to share their social networkactivities among multiple linked social network accounts assigned to theuser. The accounts are linked via bridges. Bridges are software programsthat interface with multiple social networks on behalf of end users. Abridge can be a standalone software program offered by a third partysoftware vendor to link multiple social networks together, or it can bea software capability offered by one of the social networks. Users needto authorize bridges to connect on behalf of them across multiple socialnetwork accounts as a setup. Messages that a user posts in one socialnetwork can be automatically posted in another social network. Forexample, a user may post a message on Twitter and the same message mayautomatically be displayed on Facebook via a social network aggregatorwithout the user ever having to log into the Facebook account. As such,at 302 (FIG. 3A), the various linked social network accounts assigned tothe user are determined.

At 304, activity on each of social network accounts is monitored inorder to generate a profile comprising behavioral biometric values basedupon the stylometry of the user and the metadata of the user's messageposting provide by social networks. As previously discussed, stylometryis the application of the study of linguistic style. Stylometry featuresinclude but are not limited to lexical features (such as word orcharacter count), syntactic features (such as use of function words orpunctuation), structural features (such as text fonts, colors), andcontent-specific features (such as choice of words or topic domain). Incomputer security, biometrics refers to authentication techniques thatrely on measurable physical characteristics that can be automaticallychecked. Therefore, at 304, social hacking plugin 202 will monitor theuser's activity on each social network and develop a profile based uponthe stylometry of the user. For example, a user may always createmessages in lowercase, never use any punctuation and always ends theirmessages with a graphic or emoticon (i.e. smiley face, etc). As such,social hacking program 202 would generate a profile based upon thesecharacteristics in order to be able to identify if a message was notcreated by the user. For example, a message created on the user's socialnetwork account would not fit the profile of the user in the aboveexample if it was created using all capital letters, punctuation and nographic or emoticons. In another example, a user may never discusspolitical matter in a social network. If a message is posted by the userwith political content, this posting does not fall into the usualbehavior of the user and it will be raised as suspicious.

Referring now to 306, activity on each of social network accounts ismonitored in order to generate a profile that includes behavioralbiometric values based upon the metadata of the messages created by theuser. As previously described, metadata (metacontent) is the dataproviding information about one or more aspects of the data, such as themeans of creation of the data; purpose of the data; time and date ofcreation of the data; creator or author of the data; the access controlassociated with the data; location on a computer network where the datawas created and the standards used to create the data. Therefore, at306, social hacking plugin 202 will monitor the user's activity on eachsocial network and develop a profile based upon the metadata of themessages created by the user. For example, a user may always createmessages in the morning and only on a weekday. As such, social hackingprogram 202 would generate a profile based upon these characteristics inorder to be able to identify if a message was not created by the user.For example, a message created on the user's social network accountwould not fit the profile of the user in the above example if it wascreated at night and on a Saturday.

At 308, social hacking plugin 202 would determine if all social networksassigned to the user were monitored and a profile was created for eachsocial network account. If all social network accounts assigned to theuser have not been monitored, then social hacking plugin will continueto monitor all the remaining social networks assigned to the user andgenerate a profile based upon the stylometry of the user and themetadata of the messages for each social network account.

If, at 308, it is determined that all social network accounts assignedto the user have been monitored and a profile has been generated foreach account, social hacking plugin 202 may begin to monitor themessages created by the user on each social network account assigned tothe user in order to identify abnormal behavior. Abnormal behavior maybe any message or posting created on the user's social network accountthat does not fit the previously generated profile of the user for thatsocial network account.

As such, at 310 (FIG. 3B), social network plugin 202 (FIG. 2) receives anew social networking posting on a social network account assigned tothe user. Then at 312, social network plugin 202 determines if theposting matches the user's normal behavior by comparing it to theprofile that was previously generated for the user on that socialnetwork account. For example, if the user's profile indicates thatwhenever the user posts a message to their mother, it is usually postedin the morning and they refer to their mother as “mom”. As such, if theposting in this particular example is posted at night and refers to theuser's mother as “mother”, then social hacking plugin 202 woulddetermine that the posting does not match the profile for the userassociated with that social network.

If, at 312, the posting matches the user's previously determinedprofile, then the posting is displayed at 330. With respect to theexample above, if social hacking plugin 202 determines that the userposted a message to their mother in the morning and referred to theirmother as, “mom”, then the posting would match the previously determinedprofile for the user associated with that particular social networkaccount and as such, the posting would be displayed.

If, at 312, social hacking plugin 202 determines the posting does notmatch the profile for the user on this particular social networkaccount, then the posting will get defined as abnormal at 316. Forexample, a user may always create messages in the afternoon, only on aweekends and using only capital letters. As such, social hacking program202 would define a posting as abnormal if the posting was created in themorning, on a Monday and using only lowercase.

If social hacking plugin 202 determines the posting is abnormal (i.e.does not match the user's profile for that particular social networkaccount), then, at 318, a security question may be displayed to the userto validate the user's authenticity. For example, if social hackingplugin 202 determined that the posting created by the user does notmatch the previously generated profile for the user on that particularsocial network account (i.e. it was created in the morning, on Mondayand using only lowercase letters as in the example above), then socialhacking plugin 202 would post a security question to the user tovalidate the user's authenticity. For example, if it suspected that theperson posting the message is not the user assigned to the socialnetwork account, then social hacking plugin 202 may prompt the user witha personal question, such as the name of the street where their firsthouse was located.

Referring now to 320 (FIG. 3C), social hacking plugin 202 receives ananswer to the security question previously displayed to the user. Thenat 322, social hacking plugin 202 determines whether the securityquestion was validated by the user. The security question is validatedby the user if the user provides the correct answer to the securityquestion.

If at 322, it is determined that the user has not validated theirauthenticity by properly answering the security question, then at 324,all the network bridges that link the social network account in questionto all the other shared social network accounts assigned to the user aredisabled. As previously described, social network aggregation platformsallow members to share their social network activities via bridges amongvarious social network accounts assigned to the user. The bridges allowauto-posting of messages across the user's shared social networkaccounts.

Then at 326 social hacking plugin 202 notifies all of the shared socialnetwork accounts of the security breach. For example, social hackingplugin 202 may generate an email notification to the shared socialnetwork accounts apprising them of the security breach or potentialsecurity breach.

If at 322, social hacking plugin 202 determines that the securityquestion was validated by the user, then at 328 the posting attribute isadded to the user's profile for that particular social network accountassigned to the user and then the posting is displayed at 330. Forexample, if the user always creates a message on Mondays and the postingin question was created on a Saturday, then Saturday would be added asan attribute to the user's profile and the posting would be displayed.

FIG. 4 is a block diagram of internal and external components ofcomputers depicted in FIG. 1 in accordance with an illustrativeembodiment of the present invention. It should be appreciated that FIG.4 provides only an illustration of one implementation and does not implyany limitations with regard to the environments in which differentembodiments may be implemented. Many modifications to the depictedenvironments may be made based on design and implementationrequirements.

Data processing system 800, 900 is representative of any electronicdevice capable of executing machine-readable program instructions. Dataprocessing system 800, 900 may be representative of a smart phone, acomputer system, PDA, or other electronic devices. Examples of computingsystems, environments, and/or configurations that may represented bydata processing system 800, 900 include, but are not limited to,personal computer systems, server computer systems, thin clients, thickclients, hand-held or laptop devices, multiprocessor systems,microprocessor-based systems, network PCs, minicomputer systems, anddistributed cloud computing environments that include any of the abovesystems or devices.

User client computer 102, and network server computer 114 includerespective sets of internal components 800 a, b and external components900 a, b illustrated in FIG. 4. Each of the sets of internal components800 a, b includes one or more processors 820, one or morecomputer-readable RAMs 822 and one or more computer-readable ROMs 824 onone or more buses 826, and one or more operating systems 828 and one ormore computer-readable tangible storage devices 830. The one or moreoperating systems 828 and program 108 in client computer 102 are storedon one or more of the respective computer-readable tangible storagedevices 830 for execution by one or more of the respective processors820 via one or more of the respective RAMs 822 (which typically includecache memory). In the embodiment illustrated in FIG. 4, each of thecomputer-readable tangible storage devices 830 is a magnetic diskstorage device of an internal hard drive. Alternatively, each of thecomputer-readable tangible storage devices 830 is a semiconductorstorage device such as ROM 824, EPROM, flash memory or any othercomputer-readable tangible storage device that can store a computerprogram and digital information.

Each set of internal components 800 a, b, c also includes a R/W drive orinterface 832 to read from and write to one or more portablecomputer-readable tangible storage devices 936 such as a CD-ROM, DVD,memory stick, magnetic tape, magnetic disk, optical disk orsemiconductor storage device. The social hacking plugin 202 can bestored on one or more of the respective portable computer-readabletangible storage devices 936, read via the respective R/W drive orinterface 832 and loaded into the respective hard drive 830.

Each set of internal components 800 a, b also includes network adaptersor interfaces 836 such as a TCP/IP adapter cards, wireless wi-fiinterface cards, or 3G or 4G wireless interface cards or other wired orwireless communication links. The program 108 in client computer 102 andsocial network program 112 in network servers 114 can be downloaded toclient computer 102 from an external computer via a network (forexample, the Internet, a local area network or other, wide area network)and respective network adapters or interfaces 836. From the networkadapters or interfaces 836, the program 108 in client computer 102 andthe social network program 112 in network server computer 114 are loadedinto the respective hard drive 830. The network may comprise copperwires, optical fibers, wireless transmission, routers, firewalls,switches, gateway computers and/or edge servers.

Each of the sets of external components 900 a, b can include a computerdisplay monitor 920, a keyboard 930, and a computer mouse 934. Externalcomponents 900 a, b can also include touch screens, virtual keyboards,touch pads, pointing devices, and other human interface devices. Each ofthe sets of internal components 800 a, b also includes device drivers840 to interface to computer display monitor 920, keyboard 930 andcomputer mouse 934. The device drivers 840, R/W drive or interface 832and network adapter or interface 836 comprise hardware and software(stored in storage device 830 and/or ROM 824).

Aspects of the present invention have been described with respect toblock diagrams and/or flowchart illustrations of methods, apparatus(system), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer instructions. These computer instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat instructions, which execute via the processor of the computer orother programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The aforementioned programs can be written in any combination of one ormore programming languages, including low-level, high-level,object-oriented or non object-oriented languages, such as Java,Smalltalk, C, and C++. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer, or entirely on a remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet serviceprovider). Alternatively, the functions of the aforementioned programscan be implemented in whole or in part by computer circuits and otherhardware (not shown).

The foregoing description of various embodiments of the presentinvention has been presented for purposes of illustration anddescription. It is not intended to be exhaustive or to limit theinvention to the precise form disclosed. Many modifications andvariations are possible. Such modifications and variations that may beapparent to a person skilled in the art of the invention are intended tobe included within the scope of the invention as defined by theaccompanying claims.

What is claimed is:
 1. A method for securing a social network accountassigned to a member comprising: determining at least one social networkaccount assigned to the member, the member being in electroniccommunication with the at least one social network account via acommunication network, using a software program on a computer having aprocessor for executing the software program; determining, by theprocessor, a pattern of communications between the member and the atleast one social network account; generating, by the processor, aprofile for the at least one social network account assigned to themember based on the pattern of communications; and monitoring, by theprocessor, an electronic communication with the at least one socialnetwork account by the member based on comparing the generated profilewith the electronic communication.
 2. The method of claim 1, wherein themonitoring of the electronic communication comprises: receiving a newsocial network posting at the at least one social network account;analyzing the new social network posting; and disabling all bridges toany other social network account associated with the member in responseto determining, based on the comparing, that the new social networkposting is not in accordance with the generated profile.
 3. The methodof claim 1, wherein the generating of the profile comprises determininga stylometry behavioral biometric value from the pattern ofcommunications.
 4. The method of claim 3, wherein the stylometrybehavioral biometric value includes at least one of a member's style ofwriting, a type of message being shared, a context of a message and anapplication used to post a message.
 5. The method of claim 1, whereinthe generating of the profile comprises determining a metadata metricvalue from the pattern of communications.
 6. The method of claim 5,wherein the metadata value includes at least one of who created theposting, when the posting was created, what the content of the postingis, where the posting was created, how the posting was created, accesscontrol of the posting, and the IP address of the member creating theposting.
 7. The method of claim 2, wherein a hacking notification issent to the at least one social network account when the new socialnetwork posting is not in accordance with the generated profile.
 8. Acomputer system for writing data to a local site and a remote site, thecomputer system comprising: one or more processors, one or morecomputer-readable memories, one or more computer-readable tangiblestorage devices, and program instructions stored on at least one of theone or more storage devices for execution by at least one of the one ormore processors via at least one of the one or more memories, theprogram instructions comprising: program instructions to determine atleast one social network account assigned to the member, the memberbeing in electronic communication with the at least one social networkaccount via a communication network, using a software program on acomputer having a processor for executing the software program; programinstructions to determine, by the processor, a pattern of communicationsbetween the member and the at least one social network account; programinstructions to generate, by the processor, a profile for the at leastone social network account assigned to the member based on the patternof communications; and program instructions to monitor, by theprocessor, an electronic communication with the at least one socialnetwork account by the member based on comparing the generated profilewith the electronic communication.
 9. The computer system of claim 8,wherein the monitoring of the electronic communications comprises:program instructions to receive a new social network posting at the atleast one social network account; program instructions to analyze thenew social network posting; and program instructions to disable allbridges to any other social network account associated with the memberin response to determining, based on the comparing, that the new socialnetwork posting is not in accordance with the generated profile.
 10. Thecomputer system of claim 8, wherein the generating of the profilecomprises determining a stylometry behavioral biometric value from thepattern of communications.
 11. The computer system of claim 10, whereinthe stylometry behavioral biometric value includes at least one of amember's style of writing, a type of message being shared, a context ofa message and an application used to post a message.
 12. The computersystem of claim 8, wherein the generating of the profile comprisesdetermining a metadata metric values from the pattern of communications.13. The computer system of claim 12, wherein the metadata value includesat least one of who created the posting, when the posting was created,what the content of the posting is, where the posting was created, howthe posting was created, access control of the posting, and the IPaddress of the member creating the posting.
 14. The computer system ofclaim 9, wherein a hacking notification is sent to the at least onesocial network account when the new social network posting is not inaccordance with the generated profile.
 15. A computer program productfor writing data to a local site and a remote site, the computer programproduct comprising: one or more computer-readable storage devices andprogram instructions stored on at least one of the one or more tangiblestorage devices, the program instructions comprising: programinstructions to determine at least one social network account assignedto the member, the member being in electronic communication with the atleast one social network account via a communication network, using asoftware program on a computer having a processor for executing thesoftware program; program instructions to determine, by the processor, apattern of communications between the member and the at least one socialnetwork account; program instructions to generate, by the processor, aprofile for the at least one social network account assigned to themember based on the pattern of communications; and program instructionsto monitor, by the processor, an electronic communication with the atleast one social network account by the member based on comparing thegenerated profile with the electronic communication.
 16. The computerprogram product of claim 15, wherein the monitoring of the electroniccommunication comprises: program instructions to receive a new socialnetwork posting at the at least one social network account; programinstructions to analyze the new social network posting; and programinstructions to disable all bridges to any other social network accountassociated with the member in response to determining, based on thecomparing, that the new social network posting is not in accordance withthe generated profile.
 17. The computer program product of claim 15,wherein the generating of the profile comprises determining a stylometrybehavioral biometric value from the pattern of communications.
 18. Thecomputer program product of claim 17, wherein the stylometry behavioralbiometric value includes at least one of a member's style of writing, atype of message being shared, a context of a message and an applicationused to post a message.
 19. The computer program product of claim 15,wherein the generating of the profile comprises determining a metadatametric values from the pattern of communications.
 20. The computerprogram product of claim 19, wherein the metadata value includes atleast one of who created the posting, when the posting was created, whatthe content of the posting is, where the posting was created, how theposting was created, access control of the posting, and the IP addressof the member creating the posting.